<?php include("../mvz-config/system/session_start.php"); ?>
<?php include("../mvz-config/system/session_register.php"); ?>
<?php include("../mvz-config/system/begin.php"); ?>
<?php
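	// Collect the inputs for this login attempt. Each value starts as "" and is
	// replaced only when the form supplied a non-empty string; array-valued
	// fields (e.g. username[]=x) are ignored instead of being handed to trim().
	$login_username = "";
	$login_password = "";
	$http_referer = "";
	$ip_addr = $_SERVER['REMOTE_ADDR'];	// address handed to the login-punishment helpers
	
	if(isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] !== "")
	{
		$login_username = strtolower(trim($_POST['username']));
	}
	
	// NOTE(review): the password is trimmed and lower-cased before it is hashed further down,
	// so passwords are effectively case-insensitive. Left as is because stored hashes were
	// presumably produced the same way - confirm before changing.
	if(isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== "")
	{
		$login_password = strtolower(trim($_POST['password']));
	}
	
	// Test the submitted value. The previous condition inspected the still-empty local
	// $http_referer, so it was always true and never looked at the request at all.
	// The value is client-supplied and is later used as a redirect target: treat it as untrusted.
	if(isset($_POST['http_referer']) && is_string($_POST['http_referer']) && $_POST['http_referer'] !== "")
	{
		$http_referer = strtolower(trim($_POST['http_referer']));
	}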
	/*
	echo $login_username."<br />";
	echo $login_password."<br />";
	echo $http_referer."<br />";
	die();
	*/
	
	// Throttle verdict for this client address. When the punishment check is
	// not enabled in the settings, the attempt starts out granted (1).
	$grant = (SETTING_CHECK_LOGIN_PUNISHMENT_MIN == 1)
		? checkLoginPunishment($ip_addr)
		: 1;
	
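	// Decide the outcome of the login attempt from the throttle verdict in $grant:
	//   -2 = IP blocked (permanent punishment), -1 = IP punished, 1 = run the credential check,
	//   any other value = destroy the session and return to the login form.
	// Every branch finishes the request with a <meta> refresh followed by die, so nothing
	// after this chain is executed.
	if($grant == -2)
	{
		addLogByIP('Login Failed : Blocked IP, using username '.$login_username);
		
		setSessionMsg("blk");
		echo '<meta http-equiv="refresh" content="0;URL=login.php" />';	// blocked (blk) = IP blocked permanent punishment
		die;
	}
	else if($grant == -1)
	{
		addLogByIP('Login Failed : Punished IP, using username '.$login_username);
	
		setSessionMsg("x");
		echo '<meta http-equiv="refresh" content="0;URL=login.php" />';	// punished (x) = login punishment
		die;
	}
	else if($grant == 1)
	{
		// empty() already covers the "" case (and also treats "0" as missing, as before).
		$missing_username = empty($login_username);
		$missing_password = empty($login_password);
		
		if($missing_username || $missing_password)
		{
			// An incomplete form counts as a failed attempt for throttling purposes.
			addLoginPunishment($ip_addr);
			
			if($missing_username && $missing_password)
			{
				setSessionMsg("userpass");	// userpass = please input username and password
			}
			else if($missing_username)
			{
				setSessionMsg("user");
			}
			else
			{
				setSessionMsg("pass");
			}
			
			echo '<meta http-equiv="refresh" content="0;URL=login.php" />';
			die;
		}
		else
		{
			// NOTE(review): sql_quote() is defined outside this file, so its escaping cannot be
			// verified here. The mysql_* extension has no prepared statements and was removed in
			// PHP 7; moving these queries to PDO/mysqli with bound parameters needs the connection
			// handle, which is not visible in this script.
			$login_username = sql_quote($login_username);
			
			// NOTE(review): this is an unsalted MD5 digest (a hash, not encryption) of the
			// lower-cased password. It is kept because the stored values must match; migrating to
			// password_hash()/password_verify() requires re-hashing the ms_user.password column.
			$login_password = md5($login_password);
		
			// Step 1: does an active (stsrc = 'A') account with this username exist?
			$sql = "SELECT userid, username, usergroupid FROM ms_user WHERE username = '".$login_username."' and stsrc = 'A' LIMIT 0 , 1";
			$exe = mysql_query($sql);
			if($exe === false)
			{
				// Driver errors stay in the server log; printing mysql_error() to the client
				// would expose query text and schema details.
				error_log('Login query failed: '.mysql_error());
				die('Login is temporarily unavailable.');
			}
			$num = mysql_num_rows($exe);
			if($num > 0)
			{
				// Step 2: does the password digest match for that account?
				$sql = "SELECT userid, username, usergroupid FROM ms_user WHERE username = '".$login_username."' and password = '".$login_password."' and stsrc = 'A' LIMIT 0 , 1";
				$exe = mysql_query($sql);
				if($exe === false)
				{
					error_log('Login query failed: '.mysql_error());
					die('Login is temporarily unavailable.');
				}
				$num = mysql_num_rows($exe);
				if($num > 0)
				{
					// Step 3: same credentials, additionally requiring userstatus = 1.
					// NOTE(review): ms_user_group is LEFT JOINed and no column of b appears in the
					// WHERE clause, so the group conditions in ON do not filter any user row out.
					// If a disabled group is meant to block login, this needs an INNER JOIN - confirm intent.
					$sql = "SELECT a.userid, a.username, a.usergroupid 
							FROM ms_user a
								LEFT JOIN ms_user_group b
									ON a.usergroupid = b.usergroupid
										and b.usergroupstatus = 1
										and b.stsrc = 'A'
							WHERE 	a.username = '".$login_username."' 
								and a.password = '".$login_password."' 
								and a.userstatus = 1 
								and a.stsrc = 'A' 
							LIMIT 0 , 1
							";
					$exe = mysql_query($sql);
					if($exe === false)
					{
						error_log('Login query failed: '.mysql_error());
						die('Login is temporarily unavailable.');
					}
					$num = mysql_num_rows($exe);
					if($num > 0)
					{
						resetLoginPunishment($ip_addr);
						
						$row = mysql_fetch_array($exe);
						
						// NOTE(review): the session id is not regenerated when the session becomes
						// authenticated. Unless one of the included session files already does so,
						// session_regenerate_id(true) should run here, before any output is sent.
						$_SESSION['userid'] = $row['userid'];			// Set session userid
						$_SESSION['username'] = $row['username'];		// Set session username
						$_SESSION['usergroupid'] = $row['usergroupid'];	// Set session usergroup
						
						// $_SESSION['login'] is not set in this script; presumably an included session file provides it.
						if(isset($_SESSION['login']) && isset($_SESSION['username']) && isset($_SESSION['userid']) && isset($_SESSION['usergroupid']) )
						{
							addLogByUsername('Login');
							if(isset($_SESSION['err'])){unset($_SESSION['err']);}
							if(isset($_SESSION['msg'])){unset($_SESSION['msg']);}
							
							// The return address comes from the request body, so it is only honoured when
							// it stays on this site, and it is HTML-escaped before being written into the
							// attribute. Anything else falls back to index.php. This closes both the open
							// redirect and the markup injection through the URL= value.
							$redirect_target = 'index.php';
							if(is_string($http_referer) && $http_referer !== "" && !preg_match('/[\x00-\x20\x7f\\\\]/', $http_referer))
							{
								$target_parts = parse_url($http_referer);
								if(is_array($target_parts))
								{
									$target_scheme = isset($target_parts['scheme']) ? $target_parts['scheme'] : '';
									$target_host = isset($target_parts['host']) ? $target_parts['host'] : '';
									$is_local_target = false;
									
									if($target_scheme === '' && $target_host === '')
									{
										// Relative reference; a leading "//" would name another host.
										$is_local_target = (strpos($http_referer, '//') !== 0);
									}
									else if($target_scheme === 'http' || $target_scheme === 'https')
									{
										// Absolute URL: accept it only for the host this request was sent to (port ignored).
										$own_host = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:[0-9]+$/', '', strtolower($_SERVER['HTTP_HOST'])) : '';
										$is_local_target = ($own_host !== '' && $target_host === $own_host);
									}
									
									if($is_local_target)
									{
										$redirect_target = $http_referer;
									}
								}
							}
							
							$redirect_attr = htmlspecialchars($redirect_target, ENT_QUOTES);
							if($redirect_attr === '')
							{
								// htmlspecialchars() returns "" for input it cannot encode.
								$redirect_attr = 'index.php';
							}
							
							echo '<meta http-equiv="refresh" content="0;URL='.$redirect_attr.'" />';
							die;
						}
						else
						{
							addLogByIP('Login Failed : Session Error, using username '.$login_username);
						
							setSessionMsg("e");
							echo '<meta http-equiv="refresh" content="0;URL=login.php" />';	// error (e) = setting session validation failed
							die;
						}
					}
					else
					{
						addLogByIP('Login Failed : User/Usergroup is Banned, using username '.$login_username);
						
						setSessionMsg("b");
						echo '<meta http-equiv="refresh" content="0;URL=login.php" />';	// banned (b) = username is banned
						die;
					}
				}
				else
				{
					addLogByIP('Login Failed : Invalid Password, using username '.$login_username);
					addLoginPunishment($ip_addr);
				
					// NOTE(review): "f" and "ne" give different session messages for a wrong password
					// and an unknown username. If login.php shows them differently, account names can
					// be enumerated; a single generic failure message avoids that.
					setSessionMsg("f");
					echo '<meta http-equiv="refresh" content="0;URL=login.php" />';	// false (f) = username exist but password is wrong
					die;
				}
			}
			else
			{
				addLogByIP('Login Failed : Invalid Username, using username '.$login_username);
				addLoginPunishment($ip_addr);
				
				setSessionMsg("ne");
				echo '<meta http-equiv="refresh" content="0;URL=login.php" />';	// not exists (ne) = username is not exist or deleted
				die;
			}
		}
	}
	else
	{
		// Unexpected verdict from the punishment check: drop the session and start over.
		session_complete_destroy();
		echo '<meta http-equiv="refresh" content="0;URL=login.php" />';
		die;
	}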
?>
<?php include("../mvz-config/system/session.php"); ?>
<?php include("../mvz-config/system/end.php"); ?>